diff options
author | Ross Burton <ross.burton@arm.com> | 2022-05-06 16:56:00 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-05-12 16:42:13 +0100 |
commit | 609d6de7451ce46941c73257525e1a401e7241e2 (patch) | |
tree | 6a66d6247c2cf2736ee70dff8fe88a4c59291efd | |
parent | 1b0306978ccf3c2235fe963e92145c43e418480a (diff) | |
download | poky-609d6de7451ce46941c73257525e1a401e7241e2.tar.gz |
oeqa/selftest: add test for git working correctly inside pseudo
The fix for CVE-2022-24765 in git[1] breaks any use of git inside
pseudo. Add a simple test case to oe-selftest to verify that at least
basic uses of git work fine under pseudo.
[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
(From OE-Core rev: c1b43595a023e481daeb6005c431f51897aeb45d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 46822268040a23dbb81f71fe35aee8c2663a31f6)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb | 15 | ||||
-rw-r--r-- | meta/lib/oeqa/selftest/cases/git.py | 15 |
2 files changed, 30 insertions, 0 deletions
diff --git a/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb b/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb index cc5d7eae5a..fa3041b7d8 100644 --- a/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb +++ b/meta-selftest/recipes-test/git-submodule-test/git-submodule-test.bb | |||
@@ -7,3 +7,18 @@ INHIBIT_DEFAULT_DEPS = "1" | |||
7 | 7 | ||
8 | SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master" | 8 | SRC_URI = "gitsm://git.yoctoproject.org/git-submodule-test;branch=master" |
9 | SRCREV = "a2885dd7d25380d23627e7544b7bbb55014b16ee" | 9 | SRCREV = "a2885dd7d25380d23627e7544b7bbb55014b16ee" |
10 | |||
11 | S = "${WORKDIR}/git" | ||
12 | |||
13 | do_test_git_as_user() { | ||
14 | cd ${S} | ||
15 | git status | ||
16 | } | ||
17 | addtask test_git_as_user after do_unpack | ||
18 | |||
19 | fakeroot do_test_git_as_root() { | ||
20 | cd ${S} | ||
21 | git status | ||
22 | } | ||
23 | do_test_git_as_root[depends] += "virtual/fakeroot-native:do_populate_sysroot" | ||
24 | addtask test_git_as_root after do_unpack | ||
diff --git a/meta/lib/oeqa/selftest/cases/git.py b/meta/lib/oeqa/selftest/cases/git.py new file mode 100644 index 0000000000..f12874dc7d --- /dev/null +++ b/meta/lib/oeqa/selftest/cases/git.py | |||
@@ -0,0 +1,15 @@ | |||
1 | from oeqa.selftest.case import OESelftestTestCase | ||
2 | from oeqa.utils.commands import bitbake | ||
3 | |||
4 | class GitCheck(OESelftestTestCase): | ||
5 | def test_git_intercept(self): | ||
6 | """ | ||
7 | Git binaries with CVE-2022-24765 fixed will refuse to operate on a | ||
8 | repository which is owned by a different user. This breaks our | ||
9 | do_install task as that runs inside pseudo, so the git repository is | ||
10 | owned by the build user but git is running as (fake)root. | ||
11 | |||
12 | We have an intercept which disables pseudo, so verify that it works. | ||
13 | """ | ||
14 | bitbake("git-submodule-test -c test_git_as_user") | ||
15 | bitbake("git-submodule-test -c test_git_as_root") | ||